November 12 – 18 is Cybersecurity Workforce Development Awareness Week

I hear it every day: there is a tremendous and growing shortage of cybersecurity professionals globally… and I can definitely agree that there is a shortage. Where I might differ a bit is in the completeness of that statement; I would say there is a tremendous shortage of qualified and certified cybersecurity professionals globally.

In the same way that I frequently hear about the shortages of people in this field, I also regularly meet, read articles from, or hear about the latest ‘cybersecurity expert’ of which there seems to be a strangely enormous number of! We can leave that debate for another day because today I would like to talk about what you can do to get a career started in cybersecurity!

Knowledge

Well, of course you have to learn some stuff if you want to be good at doing anything in life! Like a career in information technology, a career in cybersecurity absolutely requires that you embrace continuous learning. The security threats and challenges that you are tasked to deal with in cybersecurity constantly evolve and sometimes as quickly as within the same day so an ability to learn is crucial. I strongly recommend applied knowledge or industry type learning and something with which you can get the next thing you need: certifications.

Certifications

I have met a few people who turn up their nose at industry or professional certifications of any kind; I call those people “unrealistic”. If you want to get your foot in any cybersecurity door then you absolutely need to get at least some sort of certification in this field. Having a university or college degree or diploma is a start but you need to add to that by getting a recognized cybersecurity certification such as: CISSP, ISO27001 Implementer, CEH, Security+, CRISC, etc.

Experience

Yes, it is difficult to get experience in a field you are new to if you do not have the experience to get the job to get the experience that you need! Now, if I haven’t lost you with that one…. you can get experience by a) volunteering on security organizations, b) starting yourself out with some job shadowing or internships, or c) self-employed consulting. Please, please, please, do not undertake complex or risky security work on your own if you are new to this field! If you need help, seek out an experienced security pro to help/mentor you on your first few jobs or your first role.

Ethics

Did you see this one coming? A security professional without ethics is like a baker without flour – not much use, really. You need to be ethical and you need to act ethical at all times if you want to be a trusted security professional and if you do not want to lose any security certifications that you might have (and, by the way, this includes being 100% honest and accurate on your resume). Anyone who hires or employs you should verify your experience, certifications, and background (and most likely this would include a criminal records check) so expect that you will be assessed before you are hired. If you maintain ethical conduct at all times then you most likely have nothing to worry about!

Final Thoughts

Look for reputable cybersecurity training from known and proven security professionals and organizations. Keep your skills fresh by practicing, reading and researching on your own time in addition to anything you might learn in courses or on the job. Do not become a “Google” security expert – anyone with a sliver of awareness can tell when you are Googling for answers rather than using your own analytical thinking skills. Finally, practice what you preach: if you are a security professional, act like one at all times and that can help you become a better one.

Anthony is one of the top cybersecurity professionals in Atlantic Canada with extensive Canadian and International experience in cybersecurity covering risk assessment, management, mitigation, security testing, business continuity, information security management systems, architecture security reviews, project security, security awareness, lectures, presentations and standards based compliance. He sits on the Standards Council of Canada (SCC) IT Security Techniques committee (MC/ ISO/IEC/JTC 1/SC 27), the Disaster Recovery Institute Canada (DRIC) Certification Committee, Cloud Security Alliance committee on the security of health care data in the cloud and is an Exam Development Volunteer for ISC2. Anthony has worked in utilities, law enforcement, consulting, education, health care, lottery and gaming, auditing and the financial sector.